# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: tcely <knot-resolver+aports@tcely.33mail.com>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=knot-resolver
pkgver=5.5.1
pkgrel=1
pkgdesc="Minimalistic caching DNS resolver implementation"
url="https://www.knot-resolver.cz/"
# x86, armhf and armv7 blocked by knot
# s390x some problem with luajit
# riscv64 blocked by luajit
arch="all !x86 !armhf !armv7 !riscv64 !s390x"
license="GPL-3.0-or-later"
pkgusers="kresd"
pkggroups="kresd"
depends="dnssec-root lua5.1-cqueues lua5.1-http"
_depends_dnstap="$pkgname=$pkgver-r$pkgrel"
_depends_http="$pkgname=$pkgver-r$pkgrel lua5.1-mmdb"
_depends_dnstap_dev="fstrm-dev protobuf-dev protobuf-c-dev"
depends_dev="
	knot-dev>=2.8.0
	libedit-dev
	libuv-dev>=1.7
	luajit-dev>=2.0
	$_depends_dnstap_dev
	"
depends_static="$pkgname-dev=$pkgver-r$pkgrel"
makedepends="
	$depends_dev
	bash
	cmake
	gnutls-dev
	libcap-ng-dev
	lmdb-dev
	luacheck
	meson>=0.46
	ninja
	pkgconf
	py3-flake8
	"
checkdepends="cmocka-dev"
install="
	$pkgname.pre-install
	$pkgname.post-upgrade
	$pkgname-openrc.pre-upgrade
	$pkgname-openrc.post-upgrade
	"
subpackages="
	$pkgname-dbg
	$pkgname-mod-http:http:noarch
	$pkgname-mod-dnstap:dnstap
	$pkgname-libs-static
	$pkgname-dev
	$pkgname-doc
	$pkgname-openrc
	"
source="https://secure.nic.cz/files/knot-resolver/knot-resolver-$pkgver.tar.xz
	kresd.confd
	kresd.initd
	kres-cache-gc.initd
	kres-cache-gc.confd
	"

# secfixes:
#   5.1.1-r0:
#     - CVE-2020-12667
#   4.3.0-r0:
#     - CVE-2019-19331
#   4.1.0-r0:
#     - CVE-2019-10190
#     - CVE-2019-10191
#   2.3.0-r0:
#     - CVE-2018-1110

build() {
	# strict-aliasing breaks stats module - variable "sa" in stats.c:495 is 0x0.
	# (https://gitlab.labs.nic.cz/knot/knot-resolver/blob/v4.2.2/modules/stats/stats.c#L495)
	export CFLAGS="$CFLAGS -fno-strict-aliasing"

	abuild-meson \
		--default-library=both \
		-Dclient=enabled \
		-Dgroup="$pkggroups" \
		-Dinstall_kresd_conf=enabled \
		-Dunit_tests=enabled \
		-Duser="$pkgusers" \
		-Dmanaged_ta=disabled \
		-Dkeyfile_default=/usr/share/dnssec-root/trusted-key.key \
		build

	meson compile ${JOBS:+-j ${JOBS}} -C build
}

check() {
	meson test -C build
}

package() {
	DESTDIR="$pkgdir" meson install --no-rebuild -C build

	cd "$pkgdir"

	# These are useless on non-systemd distro.
	rm ./usr/lib/knot-resolver/distro-preconfig.lua
	rm ./usr/lib/knot-resolver/upgrade-4-to-5.lua

	install -m 755 -D "$srcdir"/kresd.initd ./etc/init.d/kresd
	install -m 644 -D "$srcdir"/kresd.confd ./etc/conf.d/kresd
	install -m 755 -D "$srcdir"/kres-cache-gc.initd ./etc/init.d/kres-cache-gc
	install -m 644 -D "$srcdir"/kres-cache-gc.confd ./etc/conf.d/kres-cache-gc

	install -d -m 750 -o kresd -g kresd ./var/cache/knot-resolver
}

http() {
	pkgdesc="Knot Resolver - HTTP/2 services"
	depends="$_depends_http"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/http* "$subpkgdir"/$moddir/
}

dnstap() {
	pkgdesc="Knot Resolver - dnstap logging"
	depends="$_depends_dnstap"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/dnstap.so "$subpkgdir"/$moddir/
}

_gpg_signature_extensions="asc"
_gpgfingerprints="
	good:BE26 EBB9 CBE0 59B3 910C  A35B CE8D D6A1 A50A 21E4
	good:4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869
	B600 6460 B60A 80E7 8206  2449 E747 DF1F 9575 A3AA
	"

sha512sums="
544c427c1156774e865071061b72bce2e647b62c99e2bcee5e5af340e34f05a6b333aa2c6e3b66d4ed3a3d6136f69c0e32299f42be30d47b144c5f017b6ccf96  knot-resolver-5.5.1.tar.xz
1d4a3a16f75a9c2c1a51e5f2a0ec377019a9034208955871fe7922db245d62df522ff2e56336de2ae9d083fcfc41bd2a21546c518837f2abc13e507c2684089b  kresd.confd
6a8fdb485081556bbe52609f4b8968b092d3bf3c991fdd1ba2ddfcc3d56bf8169a1a4c234c49a7f8d648a362f0674f7f57569420356bea7e86ce11db22c5c804  kresd.initd
a1e4af78ad8df36feb41619ac63aa8505cb68b434a3e01c8929f69759f5a6abe9667a6d5738928ff67daaccab58e5fecd49ce4ff439674f1e073982042a907fd  kres-cache-gc.initd
ad017f54aaa214862a67c8242efe9fa56dc66a8ac0012cc0f4eb981d6fd631b250378602f8f5af9916fff071d9a60d1e588e07458f8d891d19787c3b5d48cdb5  kres-cache-gc.confd
"
